
Hi, I helped build this. A few notes about security since people are asking...

RedisMonitor supports AWS security groups for people who are interested (just hit support and ask after signing up). This is the safest way to open up Redis for the security-conscious.

Standard security on a Redis server is a very long password checked at login (AUTH). All of the communication between client and server is unencrypted. We consider this reasonably safe within EC2, high risk over the open Internet.

Redis doesn't have TLS. A few clients have forks with TLS support, but we haven't audited their security at all yet and (frankly) we don't trust them at all.



You are actively encouraging a process that is vulnerable to MITM, not acknowledging that between regions AWS data transfer is over the public internet [http://stackoverflow.com/questions/9891419/can-ec2-instances...], etc.

I strongly suggest you evaluate something like http://www.tarsnap.com/spiped.html, a VPN, or a similar solution. This isn't just read-only access we are talking about.
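The two posts above disagree about when plaintext Redis with AUTH is acceptable: inside one region's private network versus anywhere the traffic can cross the public Internet. The script below is an added example (not code from RedisMonitor, spiped, or anyone in this thread) that encodes that rule as an inventory check: it classifies each Redis URL by whether the address is private, whether the transport is wrapped in TLS (using the `rediss://` scheme convention some clients support, an assumption here), and whether an AUTH password is present, then reports a risk level and the tunnel/VPN mitigation. The sample URLs and the 32-character password threshold are constructed for illustration.

```python
"""Audit Redis connection URLs for the plaintext-transport risk discussed above.
Constructed example: the URLs, the password-length threshold and the use of the
rediss:// scheme to mean "TLS-wrapped" are assumptions, not anyone's production policy."""
import ipaddress
from urllib.parse import urlparse

# Constructed sample inventory: endpoints a deployment might point clients at.
SAMPLE_URLS = [
    "redis://:s3cr3t@10.0.3.17:6379/0",          # private VPC address, plaintext + AUTH
    "redis://:s3cr3t@127.0.0.1:6379/0",          # loopback, e.g. the local end of a spiped/VPN tunnel
    "redis://:s3cr3t@54.0.0.1:6379/0",           # public address, plaintext + AUTH (MITM-exposed)
    "redis://54.0.0.1:6379/0",                   # public address, no AUTH at all
    "rediss://:s3cr3t@54.0.0.1:6380/0",          # TLS-wrapped endpoint (proxy/tunnel terminates TLS)
    "redis://:s3cr3t@cache.example.net:6379/0",  # hostname: cannot prove it is private, so treat as public
]

MIN_PASSWORD_LEN = 32  # assumed threshold for "very long password"


def is_private_address(host):
    """True only for loopback, RFC1918/ULA or link-local *literals*.
    Hostnames return False: an address we cannot classify is never assumed safe."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_private or ip.is_loopback or ip.is_link_local


def audit_url(url):
    """Return a dict describing the transport/auth posture of one Redis URL.
    The password itself is never copied into the result."""
    u = urlparse(url)
    host = u.hostname or ""
    encrypted = u.scheme == "rediss"
    private = is_private_address(host)
    findings = []

    if not u.password:
        findings.append("no AUTH password in URL")
    elif len(u.password) < MIN_PASSWORD_LEN:
        findings.append("AUTH password shorter than %d chars" % MIN_PASSWORD_LEN)

    if not encrypted and not private:
        findings.append("plaintext to non-private host: wrap in spiped/VPN/TLS tunnel")
    elif not encrypted:
        findings.append("plaintext within private range: acceptable only if traffic never leaves the region")

    # Risk: any plaintext path that can touch the Internet, or missing AUTH, is high.
    if (not encrypted and not private) or not u.password:
        risk = "high"
    elif not encrypted:
        risk = "medium"
    else:
        risk = "low"

    return {"host": host, "port": u.port, "private": private,
            "encrypted": encrypted, "has_auth": bool(u.password),
            "risk": risk, "findings": findings}


def audit_all(urls=SAMPLE_URLS):
    """Audit a list of URLs; returns results sorted so high-risk entries come first."""
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted((audit_url(u) for u in urls), key=lambda r: order[r["risk"]])


if __name__ == "__main__":
    for r in audit_all():
        print("%-6s %s:%s  %s" % (r["risk"].upper(), r["host"], r["port"], "; ".join(r["findings"])))
```

Run as a script it prints one line per endpoint, high-risk entries first; the `127.0.0.1` case shows the shape a spiped or VPN deployment takes from the client's point of view (the client talks plaintext only to a local socket, and the tunnel carries it encrypted).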


I absolutely acknowledge that inter-region AWS usage is over the open Internet, and no one's encouraging bad habits like transferring unencrypted data between regions here.

VPNs are great. AWS security groups are reliable too.


I may have overreacted but I've seen people make statements like "We consider this reasonably safe within EC2..." and not realize the inter-region issue. That is why I wanted to force a clear statement.

I also think this really needs to be in your marketing copy or someone who is unaware of that is going to do that sort of thing.

Sorry if I'm being a pain but I think you are overestimating the average developer's knowledge of the potential security issues with exposing Redis like this.


Heroku offers 4 redis cloud providers. I wonder how many setups (if any) happen to go through inter-region, and if some of these providers support some kind of VPN/tunneling.

- https://addons.heroku.com/openredis
- https://addons.heroku.com/rediscloud
- https://addons.heroku.com/redistogo
- https://addons.heroku.com/redisgreen


Redis Cloud instances are at the same region as Heroku's (both in the US and the EU) - don't know about the rest though.



